iPhone SSH
August 28, 2007 2:34 PM
After installing OpenSSH on your iPhone, is there a way to disable it except when needed?
In order to easily put files on my iPhone, I installed the BSD subsystem, ssh, and a terminal. Of course, I changed the root password. But I find it strange that I can log on to the iPhone through ssh all the time, not just when I have launched the terminal and run ssh in some way. Is there a way to turn off the ssh service except when needed? I am bothered by the security and possible battery life implications. Or am I misunderstanding what is going on?
In order to easily put files on my iPhone, I installed the BSD subsystem, ssh, and a terminal. Of course, I changed the root password. But I find it strange that I can log on to the iPhone through ssh all the time, not just when I have launched the terminal and run ssh in some way. Is there a way to turn off the ssh service except when needed? I am bothered by the security and possible battery life implications. Or am I misunderstanding what is going on?
(i assume they want the bsd equivalent of "chkconfig -d sshd")
posted by andrew cooke at 3:35 PM on August 28, 2007
posted by andrew cooke at 3:35 PM on August 28, 2007
and if i google that the answer is here - just change the "yes" to "no", i assume.
posted by andrew cooke at 3:36 PM on August 28, 2007
posted by andrew cooke at 3:36 PM on August 28, 2007
is that clear? you want to follow those instructions except use sshd_enable="NO". disclaimer: i have no idea if this also applies to iphones.
posted by andrew cooke at 3:38 PM on August 28, 2007
posted by andrew cooke at 3:38 PM on August 28, 2007
battery life implications, incidentally, are unlikely to be important. if you are worried about security you may want to configure sshd to only allow certain users, etc. example config. i'll shut up now...
posted by andrew cooke at 3:42 PM on August 28, 2007
posted by andrew cooke at 3:42 PM on August 28, 2007
OpenSSH on the iPhone wouldn't be much different from OpenSSH anywhere else - there's a daemon called sshd that deals with incoming ssh connections. you could always chmod -x it (on my Mac, it's in /usr/sbin but might be elsewhere) and reboot. then chmod +x and reboot to re-enable. it'll also put a script somewhere to automatically start it on boot; you could always just do chmod -x on it and then run it manually (/bin/bash whatever-the-script-is-called start, probably) when needed.
posted by mrg at 3:46 PM on August 28, 2007
posted by mrg at 3:46 PM on August 28, 2007
The iPhone doesn't have a typical init.d setup.
I think this file is controlling the launch of sshd: /Library/LaunchDaemons/com.openssh.sshd.plist
posted by Good Brain at 4:03 PM on August 28, 2007
I think this file is controlling the launch of sshd: /Library/LaunchDaemons/com.openssh.sshd.plist
posted by Good Brain at 4:03 PM on August 28, 2007
Yeah, it uses launchd, which seems to be assuming an inetd/xinetd-like role in this case. I think maybe just moving or getting rid of the sshd plist will take care of the issue
posted by Good Brain at 4:08 PM on August 28, 2007
posted by Good Brain at 4:08 PM on August 28, 2007
The plist that ships with OpenSSH for iPhone specifies it as an "on-demand" launchd service, meaning it runs when someone tries to contact the correct port. You can see it in /Library/LaunchDaemons/com.openssh.sshd.plist. So it isn't sitting there draining your battery all day, and I wouldn't worry about this, beyond of course changing the passwords on the root and mobile accounts.
posted by evariste at 4:56 PM on August 28, 2007
posted by evariste at 4:56 PM on August 28, 2007
@rhizone
What it means is, you can log into the iPhone remotely through ssh. Launching the terminal means running a terminal emulator directly on the iPhone.
@evariste
Ok, thank you for the information and piece of mind.
posted by yesno at 5:48 PM on August 28, 2007
What it means is, you can log into the iPhone remotely through ssh. Launching the terminal means running a terminal emulator directly on the iPhone.
@evariste
Ok, thank you for the information and piece of mind.
posted by yesno at 5:48 PM on August 28, 2007
Update: I confirmed evariste's information by running "top" on the vt-100 emulator on the iPhone and seeing that ssh would only start up when I made a connection from my computer.
posted by yesno at 6:30 PM on August 28, 2007
posted by yesno at 6:30 PM on August 28, 2007
This thread is closed to new comments.
posted by rhizome at 3:12 PM on August 28, 2007